modiloader | 955b129de18dc8aa8cadddc64931977214c8f0315e061325a50c671cf4ea6a55 | Triage

Submit
Reports

Overview

overview

Static

static

8

955b129de1...55.exe

windows7-x64

955b129de1...55.exe

windows10-2004-x64

Sharing

General

Target

955b129de18dc8aa8cadddc64931977214c8f0315e061325a50c671cf4ea6a55
Size

108KB
Sample

221123-3kd1facf45
MD5

54935b927972df9fbc9a8e880fb62fad
SHA1

695416fa4ed2c2152845280d80443e8eb8151005
SHA256

955b129de18dc8aa8cadddc64931977214c8f0315e061325a50c671cf4ea6a55
SHA512

ca9541428c229cf8b7a67ef4158bcb7d694715e346f66f74f694105be79035d77a2fd9e8758284890235a4d8192e3c101b47f574872705dc5c76def4cd282e7d
SSDEEP

1536:5VuNAXTj4Fj/91/NnLZqeWEPVpa8DzePjkgcwYS7S5+Vfk09+2oUZ7vunouy8:3oy8j7VnNdrPHaSekwi+mW+2NZ7Gout

Score

10^/10

modiloader evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

955b129de18dc8aa8cadddc64931977214c8f0315e061325a50c671cf4ea6a55.exe

Resource

win7-20221111-en

modiloader evasion persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

955b129de18dc8aa8cadddc64931977214c8f0315e061325a50c671cf4ea6a55.exe

Resource

win10v2004-20221111-en

modiloader evasion persistence trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  955b129de18dc8aa8cadddc64931977214c8f0315e061325a50c671cf4ea6a55
- Size
  
  108KB
- MD5
  
  54935b927972df9fbc9a8e880fb62fad
- SHA1
  
  695416fa4ed2c2152845280d80443e8eb8151005
- SHA256
  
  955b129de18dc8aa8cadddc64931977214c8f0315e061325a50c671cf4ea6a55
- SHA512
  
  ca9541428c229cf8b7a67ef4158bcb7d694715e346f66f74f694105be79035d77a2fd9e8758284890235a4d8192e3c101b47f574872705dc5c76def4cd282e7d
- SSDEEP
  
  1536:5VuNAXTj4Fj/91/NnLZqeWEPVpa8DzePjkgcwYS7S5+Vfk09+2oUZ7vunouy8:3oy8j7VnNdrPHaSekwi+mW+2NZ7Gout
Score

10^/10

modiloader evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojanupx

behavioral2

modiloaderevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy